Many IT service providers that started out in the break/fix model have simply slapped on the MSP (managed service provider) label as a way to upsell their services. Similarly, as cybersecurity has become a hot topic and data breaches are in the news every day, many MSPs have started to bill themselves as an MSSP (managed security service provider). What are the differences in these categories?
A true MSP derives the bulk of its revenue from monthly recurring services. The traditional break/fix business model is primarily reactive and instead charges a one-time fee to fix something. An MSP is focused on preventing problems while a break/fix vendor only enters the picture once a problem surfaces.
It’s in the best interest of an MSP to prevent problems, which is also in the best interest of the client. This matching of goals has led to the increasing use of MSPs over break/fix vendors by business owners. MSPs can offer more robust services that translate into cost savings for clients.
That, in a nutshell, is what separates a true MSP from a recent break/fix graduate.
What does it mean to be an MSSP (managed security service provider)?
Managed IT security goes far beyond antivirus software and patch management. Yes, installing antivirus/malware software on all endpoint devices in an organization is definitely an important part of secure computing and a secure network but endpoint security alone is not sufficient.
Antivirus software, patch management, and managed firewall are all good first steps on a path to a secure network. By implementing these types of solutions, you put your business in a better position than you were before. A security minded provider will have lots of other recommendations for you, many of which will be process related and will challenge the status quo of the typical organization’s network configuration. Working through an engagement with an MSSP will enable you to gain best practices for security and reduce the overall risk to your organization.
The Gift of Visibility (into Your Network)
I like to think of security in terms of visibility. If you don’t know what you have, you don’t know what kind of trouble you can get into.
Security = Visibility
When engaging with a new client, we usually start out with an assessment of the current network. We always find issues. Our job is to bring any issues to light; the client can always decide to take no action or delay taking action, depending on the risk. In the initial assessment, we establish a baseline. Moving forward, we are monitoring and validating that baseline by logging all activity in the network and analyzing those logs.
(For more information, see “What Can You Expect When Engaging with an MSP?”)
Crucial in the initial stages with a client is to build the asset management database. This tells us what devices are in your network. That’s a great start, but more important is to know when any new device has been added to your network and this is achieved with network monitoring. This can tell us when a device has been added to your network that you didn’t know about. For example, you may already know that you have 44 computers, 3 network switches, 4 printers, a firewall, and a router for a total of 53 devices plugged into your network. But network monitoring will tell you when a 54th device plugs into your network.
“There are three new devices on your wireless access point.”
“I don’t have a wireless access point.”
This is what network monitoring can do for you.
The initial assessment will uncover any unknown endpoints of which you were not aware. The ongoing network monitoring provides visibility into all the communications throughout the network, and ensures that you know about any new devices that get on the network.
“Why is this workstation in our finance department talking to this other endpoint device in a non-encrypted fashion?”
This is what visibility can do for you, uncover behavior that shouldn’t occur within the network because it wasn’t configured in that way.
Security is Not a Shopping Cart
Another important factor to keep in mind with security is that it’s not enough to simply purchase a bunch of security software packages — you have to know how to configure them properly and how to best leverage their use. With proper network design and configuration, you can segment different departments so that only certain people can access certain servers; for example, you can segment the HR and finance departments. In the event that an intruder does hack into your network via social engineering methods, the combination of network segmentation and security software can greatly reduce your risk.
Putting the correct processes in place is equally as important as implementing security tools. For example, best practices in security dictate that network logging files should be stored off-site. This enables future investigation if a breach does occur; otherwise, an intruder could delete all your log files to cover their malicious activity.
Finally, the right expertise is needed to optimize decision making. For example, moving applications to the cloud can be done as a way to save money, but the right expertise can help you make sure you choose applications wisely – not all applications are appropriate to move to the cloud.
Why Choose Corserva?
At Corserva, security is the foundation upon which all our solutions are built. In any technology discussion with a client or potential client, security is always in the forefront of our conversation. Security is inherent in every technology we implement. Improving and maintaining our clients’ security posture is of paramount importance to us.
If there is only one point you take from this article, know this:
Security is not an add-on. It should be part of the core fabric of all your systems.
Corserva designs, develops, and delivers customized security solutions for you based on industry best practices. In addition, your final security architecture will be the result of a team effort between Corserva and leaders from your IT and business operations departments. Our goal is to create effective security solutions that are realistic and structured to your unique business needs.
Corserva specializes in cybersecurity assessments that include network assessments as well as industry specific assessments such as HIPAA assessments and NIST assessments. Request a cybersecurity assessment from Corserva.